ragcode-memory
Pass
Audited by Gen Agent Trust Hub on Jul 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions in SKILL.md include a specific security rule that forbids the storage of secrets such as API keys, passwords, and tokens in the shared memory layer.
- [SAFE]: The installation procedures in README.md refer to official tools and repositories from the vendor 'MarshallEriksen-Neura', such as the 'ragcode-context-engine' package and the 'ragcode-skills' bundle.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data (memories, feedback, decisions) that may be influenced by untrusted users or other agents.
- Ingestion points: The agent ingests external data through the 'memory_query' and 'memory_list' tools, as well as via the 'memorySnippets' and 'memoryHints' fields in tool outputs.
- Boundary markers: No explicit delimiters or instructions to ignore embedded directives within the memory content are provided in the prompt.
- Capability inventory: The agent's capabilities are limited to interacting with the RagCode MCP server (read, write, delete); it does not have access to subprocess execution or direct file system writes.
- Sanitization: There is no evidence of content validation or sanitization for the retrieved memory data in the skill files.
Audit Metadata